CloudGuard in NSX for VDI host isolation?
I have a project coming up in which I'll be tasked with isolating VDI hosts from each other, to prevent employees and vendors from being able to move east/west within the VDI networks. I can't figure out if this is something that can be done. Anyone know, or have suggestions? I'd like to implement something better than just ACLs.
Sure, it can be done.
Even if you use a solution like CloudGuard, it will be in concert with the native security controls in VMware.
The native controls will handle basic segmentation duties (allow/drop of specific types of traffic).
CloudGuard (with or without NSX) can be used for deeper inspection.
As Dameon said, within NSX the Distributed Firewall handles the micro-segmentation, and traffic between any VDI can be inspected by either NSX DF or a Check Point CloudGuard. It is done based on security tags, and you can assign tags per VDI. NSX DF is a basic L3-4 firewall, whereas CloudGuard can be used for deeper inspection and other L4-7 features.